1506 lines
35 KiB
HTML
1506 lines
35 KiB
HTML
<html>
|
|
<head>
|
|
<title>
|
|
Security Enhanced Linux Reference Policy
|
|
</title>
|
|
<style type="text/css" media="all">@import "style.css";</style>
|
|
</head>
|
|
<body>
|
|
<div id="Header">Security Enhanced Linux Reference Policy</div>
|
|
<div id='Menu'>
|
|
|
|
<a href="admin.html">+
|
|
admin</a></br/>
|
|
<div id='subitem'>
|
|
|
|
- <a href='admin_acct.html'>
|
|
acct</a><br/>
|
|
|
|
- <a href='admin_alsa.html'>
|
|
alsa</a><br/>
|
|
|
|
- <a href='admin_amanda.html'>
|
|
amanda</a><br/>
|
|
|
|
- <a href='admin_anaconda.html'>
|
|
anaconda</a><br/>
|
|
|
|
- <a href='admin_bootloader.html'>
|
|
bootloader</a><br/>
|
|
|
|
- <a href='admin_certwatch.html'>
|
|
certwatch</a><br/>
|
|
|
|
- <a href='admin_consoletype.html'>
|
|
consoletype</a><br/>
|
|
|
|
- <a href='admin_ddcprobe.html'>
|
|
ddcprobe</a><br/>
|
|
|
|
- <a href='admin_dmesg.html'>
|
|
dmesg</a><br/>
|
|
|
|
- <a href='admin_dmidecode.html'>
|
|
dmidecode</a><br/>
|
|
|
|
- <a href='admin_firstboot.html'>
|
|
firstboot</a><br/>
|
|
|
|
- <a href='admin_kudzu.html'>
|
|
kudzu</a><br/>
|
|
|
|
- <a href='admin_logrotate.html'>
|
|
logrotate</a><br/>
|
|
|
|
- <a href='admin_logwatch.html'>
|
|
logwatch</a><br/>
|
|
|
|
- <a href='admin_mrtg.html'>
|
|
mrtg</a><br/>
|
|
|
|
- <a href='admin_netutils.html'>
|
|
netutils</a><br/>
|
|
|
|
- <a href='admin_portage.html'>
|
|
portage</a><br/>
|
|
|
|
- <a href='admin_prelink.html'>
|
|
prelink</a><br/>
|
|
|
|
- <a href='admin_quota.html'>
|
|
quota</a><br/>
|
|
|
|
- <a href='admin_readahead.html'>
|
|
readahead</a><br/>
|
|
|
|
- <a href='admin_rpm.html'>
|
|
rpm</a><br/>
|
|
|
|
- <a href='admin_su.html'>
|
|
su</a><br/>
|
|
|
|
- <a href='admin_sudo.html'>
|
|
sudo</a><br/>
|
|
|
|
- <a href='admin_tmpreaper.html'>
|
|
tmpreaper</a><br/>
|
|
|
|
- <a href='admin_updfstab.html'>
|
|
updfstab</a><br/>
|
|
|
|
- <a href='admin_usbmodules.html'>
|
|
usbmodules</a><br/>
|
|
|
|
- <a href='admin_usermanage.html'>
|
|
usermanage</a><br/>
|
|
|
|
- <a href='admin_vbetool.html'>
|
|
vbetool</a><br/>
|
|
|
|
- <a href='admin_vpn.html'>
|
|
vpn</a><br/>
|
|
|
|
</div>
|
|
|
|
<a href="apps.html">+
|
|
apps</a></br/>
|
|
<div id='subitem'>
|
|
|
|
- <a href='apps_cdrecord.html'>
|
|
cdrecord</a><br/>
|
|
|
|
- <a href='apps_gpg.html'>
|
|
gpg</a><br/>
|
|
|
|
- <a href='apps_irc.html'>
|
|
irc</a><br/>
|
|
|
|
- <a href='apps_java.html'>
|
|
java</a><br/>
|
|
|
|
- <a href='apps_loadkeys.html'>
|
|
loadkeys</a><br/>
|
|
|
|
- <a href='apps_lockdev.html'>
|
|
lockdev</a><br/>
|
|
|
|
- <a href='apps_mono.html'>
|
|
mono</a><br/>
|
|
|
|
- <a href='apps_screen.html'>
|
|
screen</a><br/>
|
|
|
|
- <a href='apps_slocate.html'>
|
|
slocate</a><br/>
|
|
|
|
- <a href='apps_tvtime.html'>
|
|
tvtime</a><br/>
|
|
|
|
- <a href='apps_uml.html'>
|
|
uml</a><br/>
|
|
|
|
- <a href='apps_userhelper.html'>
|
|
userhelper</a><br/>
|
|
|
|
- <a href='apps_usernetctl.html'>
|
|
usernetctl</a><br/>
|
|
|
|
- <a href='apps_webalizer.html'>
|
|
webalizer</a><br/>
|
|
|
|
- <a href='apps_wine.html'>
|
|
wine</a><br/>
|
|
|
|
</div>
|
|
|
|
<a href="kernel.html">+
|
|
kernel</a></br/>
|
|
<div id='subitem'>
|
|
|
|
- <a href='kernel_corecommands.html'>
|
|
corecommands</a><br/>
|
|
|
|
- <a href='kernel_corenetwork.html'>
|
|
corenetwork</a><br/>
|
|
|
|
- <a href='kernel_devices.html'>
|
|
devices</a><br/>
|
|
|
|
- <a href='kernel_domain.html'>
|
|
domain</a><br/>
|
|
|
|
- <a href='kernel_files.html'>
|
|
files</a><br/>
|
|
|
|
- <a href='kernel_filesystem.html'>
|
|
filesystem</a><br/>
|
|
|
|
- <a href='kernel_kernel.html'>
|
|
kernel</a><br/>
|
|
|
|
- <a href='kernel_mcs.html'>
|
|
mcs</a><br/>
|
|
|
|
- <a href='kernel_mls.html'>
|
|
mls</a><br/>
|
|
|
|
- <a href='kernel_selinux.html'>
|
|
selinux</a><br/>
|
|
|
|
- <a href='kernel_storage.html'>
|
|
storage</a><br/>
|
|
|
|
- <a href='kernel_terminal.html'>
|
|
terminal</a><br/>
|
|
|
|
</div>
|
|
|
|
<a href="services.html">+
|
|
services</a></br/>
|
|
<div id='subitem'>
|
|
|
|
- <a href='services_apache.html'>
|
|
apache</a><br/>
|
|
|
|
- <a href='services_apm.html'>
|
|
apm</a><br/>
|
|
|
|
- <a href='services_arpwatch.html'>
|
|
arpwatch</a><br/>
|
|
|
|
- <a href='services_automount.html'>
|
|
automount</a><br/>
|
|
|
|
- <a href='services_avahi.html'>
|
|
avahi</a><br/>
|
|
|
|
- <a href='services_bind.html'>
|
|
bind</a><br/>
|
|
|
|
- <a href='services_bluetooth.html'>
|
|
bluetooth</a><br/>
|
|
|
|
- <a href='services_canna.html'>
|
|
canna</a><br/>
|
|
|
|
- <a href='services_comsat.html'>
|
|
comsat</a><br/>
|
|
|
|
- <a href='services_cpucontrol.html'>
|
|
cpucontrol</a><br/>
|
|
|
|
- <a href='services_cron.html'>
|
|
cron</a><br/>
|
|
|
|
- <a href='services_cups.html'>
|
|
cups</a><br/>
|
|
|
|
- <a href='services_cvs.html'>
|
|
cvs</a><br/>
|
|
|
|
- <a href='services_cyrus.html'>
|
|
cyrus</a><br/>
|
|
|
|
- <a href='services_dbskk.html'>
|
|
dbskk</a><br/>
|
|
|
|
- <a href='services_dbus.html'>
|
|
dbus</a><br/>
|
|
|
|
- <a href='services_dhcp.html'>
|
|
dhcp</a><br/>
|
|
|
|
- <a href='services_dictd.html'>
|
|
dictd</a><br/>
|
|
|
|
- <a href='services_distcc.html'>
|
|
distcc</a><br/>
|
|
|
|
- <a href='services_djbdns.html'>
|
|
djbdns</a><br/>
|
|
|
|
- <a href='services_dovecot.html'>
|
|
dovecot</a><br/>
|
|
|
|
- <a href='services_fetchmail.html'>
|
|
fetchmail</a><br/>
|
|
|
|
- <a href='services_finger.html'>
|
|
finger</a><br/>
|
|
|
|
- <a href='services_ftp.html'>
|
|
ftp</a><br/>
|
|
|
|
- <a href='services_gpm.html'>
|
|
gpm</a><br/>
|
|
|
|
- <a href='services_hal.html'>
|
|
hal</a><br/>
|
|
|
|
- <a href='services_howl.html'>
|
|
howl</a><br/>
|
|
|
|
- <a href='services_i18n_input.html'>
|
|
i18n_input</a><br/>
|
|
|
|
- <a href='services_inetd.html'>
|
|
inetd</a><br/>
|
|
|
|
- <a href='services_inn.html'>
|
|
inn</a><br/>
|
|
|
|
- <a href='services_irqbalance.html'>
|
|
irqbalance</a><br/>
|
|
|
|
- <a href='services_kerberos.html'>
|
|
kerberos</a><br/>
|
|
|
|
- <a href='services_ktalk.html'>
|
|
ktalk</a><br/>
|
|
|
|
- <a href='services_ldap.html'>
|
|
ldap</a><br/>
|
|
|
|
- <a href='services_lpd.html'>
|
|
lpd</a><br/>
|
|
|
|
- <a href='services_mailman.html'>
|
|
mailman</a><br/>
|
|
|
|
- <a href='services_mta.html'>
|
|
mta</a><br/>
|
|
|
|
- <a href='services_mysql.html'>
|
|
mysql</a><br/>
|
|
|
|
- <a href='services_networkmanager.html'>
|
|
networkmanager</a><br/>
|
|
|
|
- <a href='services_nis.html'>
|
|
nis</a><br/>
|
|
|
|
- <a href='services_nscd.html'>
|
|
nscd</a><br/>
|
|
|
|
- <a href='services_ntp.html'>
|
|
ntp</a><br/>
|
|
|
|
- <a href='services_openct.html'>
|
|
openct</a><br/>
|
|
|
|
- <a href='services_pegasus.html'>
|
|
pegasus</a><br/>
|
|
|
|
- <a href='services_portmap.html'>
|
|
portmap</a><br/>
|
|
|
|
- <a href='services_postfix.html'>
|
|
postfix</a><br/>
|
|
|
|
- <a href='services_postgresql.html'>
|
|
postgresql</a><br/>
|
|
|
|
- <a href='services_ppp.html'>
|
|
ppp</a><br/>
|
|
|
|
- <a href='services_privoxy.html'>
|
|
privoxy</a><br/>
|
|
|
|
- <a href='services_procmail.html'>
|
|
procmail</a><br/>
|
|
|
|
- <a href='services_publicfile.html'>
|
|
publicfile</a><br/>
|
|
|
|
- <a href='services_radius.html'>
|
|
radius</a><br/>
|
|
|
|
- <a href='services_radvd.html'>
|
|
radvd</a><br/>
|
|
|
|
- <a href='services_rdisc.html'>
|
|
rdisc</a><br/>
|
|
|
|
- <a href='services_remotelogin.html'>
|
|
remotelogin</a><br/>
|
|
|
|
- <a href='services_rlogin.html'>
|
|
rlogin</a><br/>
|
|
|
|
- <a href='services_roundup.html'>
|
|
roundup</a><br/>
|
|
|
|
- <a href='services_rpc.html'>
|
|
rpc</a><br/>
|
|
|
|
- <a href='services_rshd.html'>
|
|
rshd</a><br/>
|
|
|
|
- <a href='services_rsync.html'>
|
|
rsync</a><br/>
|
|
|
|
- <a href='services_samba.html'>
|
|
samba</a><br/>
|
|
|
|
- <a href='services_sasl.html'>
|
|
sasl</a><br/>
|
|
|
|
- <a href='services_sendmail.html'>
|
|
sendmail</a><br/>
|
|
|
|
- <a href='services_slrnpull.html'>
|
|
slrnpull</a><br/>
|
|
|
|
- <a href='services_smartmon.html'>
|
|
smartmon</a><br/>
|
|
|
|
- <a href='services_snmp.html'>
|
|
snmp</a><br/>
|
|
|
|
- <a href='services_spamassassin.html'>
|
|
spamassassin</a><br/>
|
|
|
|
- <a href='services_squid.html'>
|
|
squid</a><br/>
|
|
|
|
- <a href='services_ssh.html'>
|
|
ssh</a><br/>
|
|
|
|
- <a href='services_stunnel.html'>
|
|
stunnel</a><br/>
|
|
|
|
- <a href='services_sysstat.html'>
|
|
sysstat</a><br/>
|
|
|
|
- <a href='services_tcpd.html'>
|
|
tcpd</a><br/>
|
|
|
|
- <a href='services_telnet.html'>
|
|
telnet</a><br/>
|
|
|
|
- <a href='services_tftp.html'>
|
|
tftp</a><br/>
|
|
|
|
- <a href='services_timidity.html'>
|
|
timidity</a><br/>
|
|
|
|
- <a href='services_ucspitcp.html'>
|
|
ucspitcp</a><br/>
|
|
|
|
- <a href='services_uucp.html'>
|
|
uucp</a><br/>
|
|
|
|
- <a href='services_xfs.html'>
|
|
xfs</a><br/>
|
|
|
|
- <a href='services_xserver.html'>
|
|
xserver</a><br/>
|
|
|
|
- <a href='services_zebra.html'>
|
|
zebra</a><br/>
|
|
|
|
</div>
|
|
|
|
<a href="system.html">+
|
|
system</a></br/>
|
|
<div id='subitem'>
|
|
|
|
- <a href='system_authlogin.html'>
|
|
authlogin</a><br/>
|
|
|
|
- <a href='system_clock.html'>
|
|
clock</a><br/>
|
|
|
|
- <a href='system_daemontools.html'>
|
|
daemontools</a><br/>
|
|
|
|
- <a href='system_fstools.html'>
|
|
fstools</a><br/>
|
|
|
|
- <a href='system_getty.html'>
|
|
getty</a><br/>
|
|
|
|
- <a href='system_hostname.html'>
|
|
hostname</a><br/>
|
|
|
|
- <a href='system_hotplug.html'>
|
|
hotplug</a><br/>
|
|
|
|
- <a href='system_init.html'>
|
|
init</a><br/>
|
|
|
|
- <a href='system_ipsec.html'>
|
|
ipsec</a><br/>
|
|
|
|
- <a href='system_iptables.html'>
|
|
iptables</a><br/>
|
|
|
|
- <a href='system_libraries.html'>
|
|
libraries</a><br/>
|
|
|
|
- <a href='system_locallogin.html'>
|
|
locallogin</a><br/>
|
|
|
|
- <a href='system_logging.html'>
|
|
logging</a><br/>
|
|
|
|
- <a href='system_lvm.html'>
|
|
lvm</a><br/>
|
|
|
|
- <a href='system_miscfiles.html'>
|
|
miscfiles</a><br/>
|
|
|
|
- <a href='system_modutils.html'>
|
|
modutils</a><br/>
|
|
|
|
- <a href='system_mount.html'>
|
|
mount</a><br/>
|
|
|
|
- <a href='system_pcmcia.html'>
|
|
pcmcia</a><br/>
|
|
|
|
- <a href='system_raid.html'>
|
|
raid</a><br/>
|
|
|
|
- <a href='system_selinuxutil.html'>
|
|
selinuxutil</a><br/>
|
|
|
|
- <a href='system_sysnetwork.html'>
|
|
sysnetwork</a><br/>
|
|
|
|
- <a href='system_udev.html'>
|
|
udev</a><br/>
|
|
|
|
- <a href='system_unconfined.html'>
|
|
unconfined</a><br/>
|
|
|
|
- <a href='system_userdomain.html'>
|
|
userdomain</a><br/>
|
|
|
|
</div>
|
|
|
|
<br/><p/>
|
|
<a href="global_booleans.html">* Global Booleans </a>
|
|
<br/><p/>
|
|
<a href="global_tunables.html">* Global Tunables </a>
|
|
<p/><br/><p/>
|
|
<a href="index.html">* Layer Index</a>
|
|
<br/><p/>
|
|
<a href="interfaces.html">* Interface Index</a>
|
|
<br/><p/>
|
|
<a href="templates.html">* Template Index</a>
|
|
</div>
|
|
|
|
<div id="Content">
|
|
|
|
<h1>Layer: admin</h1><p/>
|
|
|
|
<p><p>
|
|
Policy modules for administrative functions, such as package management.
|
|
</p></p><br/>
|
|
|
|
|
|
<table border="1" cellspacing="0" cellpadding="3" width="75%">
|
|
<tr><td class="title">Module:</td><td class="title">Description:</td></tr>
|
|
|
|
|
|
<tr><td>
|
|
<a href='admin_acct.html'>
|
|
acct</a></td>
|
|
<td><p>Berkeley process accounting</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_alsa.html'>
|
|
alsa</a></td>
|
|
<td><p>Ainit ALSA configuration tool</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_amanda.html'>
|
|
amanda</a></td>
|
|
<td><p>Automated backup program.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_anaconda.html'>
|
|
anaconda</a></td>
|
|
<td><p>Policy for the Anaconda installer.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_bootloader.html'>
|
|
bootloader</a></td>
|
|
<td><p>Policy for the kernel modules, kernel image, and bootloader.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_certwatch.html'>
|
|
certwatch</a></td>
|
|
<td><p>Digital Certificate Tracking</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_consoletype.html'>
|
|
consoletype</a></td>
|
|
<td><p>
|
|
Determine of the console connected to the controlling terminal.
|
|
</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_ddcprobe.html'>
|
|
ddcprobe</a></td>
|
|
<td><p>ddcprobe retrieves monitor and graphics card information</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_dmesg.html'>
|
|
dmesg</a></td>
|
|
<td><p>Policy for dmesg.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_dmidecode.html'>
|
|
dmidecode</a></td>
|
|
<td><p>Decode DMI data for x86/ia64 bioses.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_firstboot.html'>
|
|
firstboot</a></td>
|
|
<td><p>
|
|
Final system configuration run during the first boot
|
|
after installation of Red Hat/Fedora systems.
|
|
</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_kudzu.html'>
|
|
kudzu</a></td>
|
|
<td><p>Hardware detection and configuration tools</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_logrotate.html'>
|
|
logrotate</a></td>
|
|
<td><p>Rotate and archive system logs</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_logwatch.html'>
|
|
logwatch</a></td>
|
|
<td><p>System log analyzer and reporter</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_mrtg.html'>
|
|
mrtg</a></td>
|
|
<td><p>Network traffic graphing</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_netutils.html'>
|
|
netutils</a></td>
|
|
<td><p>Network analysis utilities</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_portage.html'>
|
|
portage</a></td>
|
|
<td><p>
|
|
Portage Package Management System. The primary package management and
|
|
distribution system for Gentoo.
|
|
</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_prelink.html'>
|
|
prelink</a></td>
|
|
<td><p>Prelink ELF shared library mappings.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_quota.html'>
|
|
quota</a></td>
|
|
<td><p>File system quota management</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_readahead.html'>
|
|
readahead</a></td>
|
|
<td><p>Readahead, read files into page cache for improved performance</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_rpm.html'>
|
|
rpm</a></td>
|
|
<td><p>Policy for the RPM package manager.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_su.html'>
|
|
su</a></td>
|
|
<td><p>Run shells with substitute user and group</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_sudo.html'>
|
|
sudo</a></td>
|
|
<td><p>Execute a command with a substitute user</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_tmpreaper.html'>
|
|
tmpreaper</a></td>
|
|
<td><p>Manage temporary directory sizes and file ages</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_updfstab.html'>
|
|
updfstab</a></td>
|
|
<td><p>Red Hat utility to change /etc/fstab.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_usbmodules.html'>
|
|
usbmodules</a></td>
|
|
<td><p>List kernel modules of USB devices</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_usermanage.html'>
|
|
usermanage</a></td>
|
|
<td><p>Policy for managing user accounts.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_vbetool.html'>
|
|
vbetool</a></td>
|
|
<td><p>run real-mode video BIOS code to alter hardware state</p></td>
|
|
|
|
<tr><td>
|
|
<a href='admin_vpn.html'>
|
|
vpn</a></td>
|
|
<td><p>Virtual Private Networking client</p></td>
|
|
|
|
</td></tr>
|
|
|
|
|
|
</td></tr>
|
|
|
|
|
|
</td></tr>
|
|
|
|
|
|
</td></tr>
|
|
|
|
|
|
</td></tr>
|
|
|
|
</table>
|
|
<p/><br/><br/>
|
|
|
|
<h1>Layer: kernel</h1><p/>
|
|
|
|
<p><p>
|
|
Policy for kernel threads, proc filesystem,
|
|
and unlabeled processes and objects.
|
|
</p></p><br/>
|
|
|
|
|
|
<table border="1" cellspacing="0" cellpadding="3" width="75%">
|
|
<tr><td class="title">Module:</td><td class="title">Description:</td></tr>
|
|
|
|
|
|
</td></tr>
|
|
|
|
|
|
</td></tr>
|
|
|
|
|
|
<tr><td>
|
|
<a href='kernel_corecommands.html'>
|
|
corecommands</a></td>
|
|
<td><p>
|
|
Core policy for shells, and generic programs
|
|
in /bin, /sbin, /usr/bin, and /usr/sbin.
|
|
</p></td>
|
|
|
|
<tr><td>
|
|
<a href='kernel_corenetwork.html'>
|
|
corenetwork</a></td>
|
|
<td><p>Policy controlling access to network objects</p></td>
|
|
|
|
<tr><td>
|
|
<a href='kernel_devices.html'>
|
|
devices</a></td>
|
|
<td><p>
|
|
Device nodes and interfaces for many basic system devices.
|
|
</p></td>
|
|
|
|
<tr><td>
|
|
<a href='kernel_domain.html'>
|
|
domain</a></td>
|
|
<td><p>Core policy for domains.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='kernel_files.html'>
|
|
files</a></td>
|
|
<td><p>
|
|
Basic filesystem types and interfaces.
|
|
</p></td>
|
|
|
|
<tr><td>
|
|
<a href='kernel_filesystem.html'>
|
|
filesystem</a></td>
|
|
<td><p>Policy for filesystems.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='kernel_kernel.html'>
|
|
kernel</a></td>
|
|
<td><p>
|
|
Policy for kernel threads, proc filesystem,
|
|
and unlabeled processes and objects.
|
|
</p></td>
|
|
|
|
<tr><td>
|
|
<a href='kernel_mcs.html'>
|
|
mcs</a></td>
|
|
<td><p>Multicategory security policy</p></td>
|
|
|
|
<tr><td>
|
|
<a href='kernel_mls.html'>
|
|
mls</a></td>
|
|
<td><p>Multilevel security policy</p></td>
|
|
|
|
<tr><td>
|
|
<a href='kernel_selinux.html'>
|
|
selinux</a></td>
|
|
<td><p>
|
|
Policy for kernel security interface, in particular, selinuxfs.
|
|
</p></td>
|
|
|
|
<tr><td>
|
|
<a href='kernel_storage.html'>
|
|
storage</a></td>
|
|
<td><p>Policy controlling access to storage devices</p></td>
|
|
|
|
<tr><td>
|
|
<a href='kernel_terminal.html'>
|
|
terminal</a></td>
|
|
<td><p>Policy for terminals.</p></td>
|
|
|
|
</td></tr>
|
|
|
|
|
|
</td></tr>
|
|
|
|
|
|
</td></tr>
|
|
|
|
</table>
|
|
<p/><br/><br/>
|
|
|
|
<h1>Layer: apps</h1><p/>
|
|
|
|
<p><p>Policy modules for applications</p></p><br/>
|
|
|
|
|
|
<table border="1" cellspacing="0" cellpadding="3" width="75%">
|
|
<tr><td class="title">Module:</td><td class="title">Description:</td></tr>
|
|
|
|
|
|
</td></tr>
|
|
|
|
|
|
<tr><td>
|
|
<a href='apps_cdrecord.html'>
|
|
cdrecord</a></td>
|
|
<td><p>Policy for cdrecord</p></td>
|
|
|
|
<tr><td>
|
|
<a href='apps_gpg.html'>
|
|
gpg</a></td>
|
|
<td><p>Policy for GNU Privacy Guard and related programs.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='apps_irc.html'>
|
|
irc</a></td>
|
|
<td><p>IRC client policy</p></td>
|
|
|
|
<tr><td>
|
|
<a href='apps_java.html'>
|
|
java</a></td>
|
|
<td><p>Java virtual machine</p></td>
|
|
|
|
<tr><td>
|
|
<a href='apps_loadkeys.html'>
|
|
loadkeys</a></td>
|
|
<td><p>Load keyboard mappings.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='apps_lockdev.html'>
|
|
lockdev</a></td>
|
|
<td><p>device locking policy for lockdev</p></td>
|
|
|
|
<tr><td>
|
|
<a href='apps_mono.html'>
|
|
mono</a></td>
|
|
<td><p>Run .NET server and client applications on Linux.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='apps_screen.html'>
|
|
screen</a></td>
|
|
<td><p>GNU terminal multiplexer</p></td>
|
|
|
|
<tr><td>
|
|
<a href='apps_slocate.html'>
|
|
slocate</a></td>
|
|
<td><p>Update database for mlocate</p></td>
|
|
|
|
<tr><td>
|
|
<a href='apps_tvtime.html'>
|
|
tvtime</a></td>
|
|
<td><p> tvtime - a high quality television application </p></td>
|
|
|
|
<tr><td>
|
|
<a href='apps_uml.html'>
|
|
uml</a></td>
|
|
<td><p>Policy for UML</p></td>
|
|
|
|
<tr><td>
|
|
<a href='apps_userhelper.html'>
|
|
userhelper</a></td>
|
|
<td><p>SELinux utility to run a shell with a new role</p></td>
|
|
|
|
<tr><td>
|
|
<a href='apps_usernetctl.html'>
|
|
usernetctl</a></td>
|
|
<td><p>User network interface configuration helper</p></td>
|
|
|
|
<tr><td>
|
|
<a href='apps_webalizer.html'>
|
|
webalizer</a></td>
|
|
<td><p>Web server log analysis</p></td>
|
|
|
|
<tr><td>
|
|
<a href='apps_wine.html'>
|
|
wine</a></td>
|
|
<td><p>Wine Is Not an Emulator. Run Windows programs in Linux.</p></td>
|
|
|
|
</td></tr>
|
|
|
|
|
|
</td></tr>
|
|
|
|
|
|
</td></tr>
|
|
|
|
|
|
</td></tr>
|
|
|
|
</table>
|
|
<p/><br/><br/>
|
|
|
|
<h1>Layer: system</h1><p/>
|
|
|
|
<p><p>
|
|
Policy modules for system functions from init to multi-user login.
|
|
</p></p><br/>
|
|
|
|
|
|
<table border="1" cellspacing="0" cellpadding="3" width="75%">
|
|
<tr><td class="title">Module:</td><td class="title">Description:</td></tr>
|
|
|
|
|
|
</td></tr>
|
|
|
|
|
|
</td></tr>
|
|
|
|
|
|
</td></tr>
|
|
|
|
|
|
</td></tr>
|
|
|
|
|
|
<tr><td>
|
|
<a href='system_authlogin.html'>
|
|
authlogin</a></td>
|
|
<td><p>Common policy for authentication and user login.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='system_clock.html'>
|
|
clock</a></td>
|
|
<td><p>Policy for reading and setting the hardware clock.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='system_daemontools.html'>
|
|
daemontools</a></td>
|
|
<td><p>Collection of tools for managing UNIX services</p></td>
|
|
|
|
<tr><td>
|
|
<a href='system_fstools.html'>
|
|
fstools</a></td>
|
|
<td><p>Tools for filesystem management, such as mkfs and fsck.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='system_getty.html'>
|
|
getty</a></td>
|
|
<td><p>Policy for getty.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='system_hostname.html'>
|
|
hostname</a></td>
|
|
<td><p>Policy for changing the system host name.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='system_hotplug.html'>
|
|
hotplug</a></td>
|
|
<td><p>
|
|
Policy for hotplug system, for supporting the
|
|
connection and disconnection of devices at runtime.
|
|
</p></td>
|
|
|
|
<tr><td>
|
|
<a href='system_init.html'>
|
|
init</a></td>
|
|
<td><p>System initialization programs (init and init scripts).</p></td>
|
|
|
|
<tr><td>
|
|
<a href='system_ipsec.html'>
|
|
ipsec</a></td>
|
|
<td><p>TCP/IP encryption</p></td>
|
|
|
|
<tr><td>
|
|
<a href='system_iptables.html'>
|
|
iptables</a></td>
|
|
<td><p>Policy for iptables.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='system_libraries.html'>
|
|
libraries</a></td>
|
|
<td><p>Policy for system libraries.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='system_locallogin.html'>
|
|
locallogin</a></td>
|
|
<td><p>Policy for local logins.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='system_logging.html'>
|
|
logging</a></td>
|
|
<td><p>Policy for the kernel message logger and system logging daemon.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='system_lvm.html'>
|
|
lvm</a></td>
|
|
<td><p>Policy for logical volume management programs.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='system_miscfiles.html'>
|
|
miscfiles</a></td>
|
|
<td><p>Miscelaneous files.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='system_modutils.html'>
|
|
modutils</a></td>
|
|
<td><p>Policy for kernel module utilities</p></td>
|
|
|
|
<tr><td>
|
|
<a href='system_mount.html'>
|
|
mount</a></td>
|
|
<td><p>Policy for mount.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='system_pcmcia.html'>
|
|
pcmcia</a></td>
|
|
<td><p>PCMCIA card management services</p></td>
|
|
|
|
<tr><td>
|
|
<a href='system_raid.html'>
|
|
raid</a></td>
|
|
<td><p>RAID array management tools</p></td>
|
|
|
|
<tr><td>
|
|
<a href='system_selinuxutil.html'>
|
|
selinuxutil</a></td>
|
|
<td><p>Policy for SELinux policy and userland applications.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='system_sysnetwork.html'>
|
|
sysnetwork</a></td>
|
|
<td><p>Policy for network configuration: ifconfig and dhcp client.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='system_udev.html'>
|
|
udev</a></td>
|
|
<td><p>Policy for udev.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='system_unconfined.html'>
|
|
unconfined</a></td>
|
|
<td><p>The unconfined domain.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='system_userdomain.html'>
|
|
userdomain</a></td>
|
|
<td><p>Policy for user domains</p></td>
|
|
|
|
</td></tr>
|
|
|
|
</table>
|
|
<p/><br/><br/>
|
|
|
|
<h1>Layer: services</h1><p/>
|
|
|
|
<p><p>
|
|
Policy modules for system services, like cron, and network services,
|
|
like sshd.
|
|
</p></p><br/>
|
|
|
|
|
|
<table border="1" cellspacing="0" cellpadding="3" width="75%">
|
|
<tr><td class="title">Module:</td><td class="title">Description:</td></tr>
|
|
|
|
|
|
</td></tr>
|
|
|
|
|
|
</td></tr>
|
|
|
|
|
|
</td></tr>
|
|
|
|
|
|
<tr><td>
|
|
<a href='services_apache.html'>
|
|
apache</a></td>
|
|
<td><p>Apache web server</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_apm.html'>
|
|
apm</a></td>
|
|
<td><p>Advanced power management daemon</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_arpwatch.html'>
|
|
arpwatch</a></td>
|
|
<td><p>Ethernet activity monitor.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_automount.html'>
|
|
automount</a></td>
|
|
<td><p>Filesystem automounter service.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_avahi.html'>
|
|
avahi</a></td>
|
|
<td><p>mDNS/DNS-SD daemon implementing Apple ZeroConf architecture</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_bind.html'>
|
|
bind</a></td>
|
|
<td><p>Berkeley internet name domain DNS server.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_bluetooth.html'>
|
|
bluetooth</a></td>
|
|
<td><p>Bluetooth tools and system services.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_canna.html'>
|
|
canna</a></td>
|
|
<td><p>Canna - kana-kanji conversion server</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_comsat.html'>
|
|
comsat</a></td>
|
|
<td><p>Comsat, a biff server.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_cpucontrol.html'>
|
|
cpucontrol</a></td>
|
|
<td><p>Services for loading CPU microcode and CPU frequency scaling.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_cron.html'>
|
|
cron</a></td>
|
|
<td><p>Periodic execution of scheduled commands.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_cups.html'>
|
|
cups</a></td>
|
|
<td><p>Common UNIX printing system</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_cvs.html'>
|
|
cvs</a></td>
|
|
<td><p>Concurrent versions system</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_cyrus.html'>
|
|
cyrus</a></td>
|
|
<td><p>Cyrus is an IMAP service intended to be run on sealed servers</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_dbskk.html'>
|
|
dbskk</a></td>
|
|
<td><p>Dictionary server for the SKK Japanese input method system.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_dbus.html'>
|
|
dbus</a></td>
|
|
<td><p>Desktop messaging bus</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_dhcp.html'>
|
|
dhcp</a></td>
|
|
<td><p>Dynamic host configuration protocol (DHCP) server</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_dictd.html'>
|
|
dictd</a></td>
|
|
<td><p>Dictionary daemon</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_distcc.html'>
|
|
distcc</a></td>
|
|
<td><p>Distributed compiler daemon</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_djbdns.html'>
|
|
djbdns</a></td>
|
|
<td><p>small and secure DNS daemon</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_dovecot.html'>
|
|
dovecot</a></td>
|
|
<td><p>Dovecot POP and IMAP mail server</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_fetchmail.html'>
|
|
fetchmail</a></td>
|
|
<td><p>Remote-mail retrieval and forwarding utility</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_finger.html'>
|
|
finger</a></td>
|
|
<td><p>Finger user information service.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_ftp.html'>
|
|
ftp</a></td>
|
|
<td><p>File transfer protocol service</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_gpm.html'>
|
|
gpm</a></td>
|
|
<td><p>General Purpose Mouse driver</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_hal.html'>
|
|
hal</a></td>
|
|
<td><p>Hardware abstraction layer</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_howl.html'>
|
|
howl</a></td>
|
|
<td><p>Port of Apple Rendezvous multicast DNS</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_i18n_input.html'>
|
|
i18n_input</a></td>
|
|
<td><p>IIIMF htt server</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_inetd.html'>
|
|
inetd</a></td>
|
|
<td><p>Internet services daemon.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_inn.html'>
|
|
inn</a></td>
|
|
<td><p>Internet News NNTP server</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_irqbalance.html'>
|
|
irqbalance</a></td>
|
|
<td><p>IRQ balancing daemon</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_kerberos.html'>
|
|
kerberos</a></td>
|
|
<td><p>MIT Kerberos admin and KDC</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_ktalk.html'>
|
|
ktalk</a></td>
|
|
<td><p>KDE Talk daemon</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_ldap.html'>
|
|
ldap</a></td>
|
|
<td><p>OpenLDAP directory server</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_lpd.html'>
|
|
lpd</a></td>
|
|
<td><p>Line printer daemon</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_mailman.html'>
|
|
mailman</a></td>
|
|
<td><p>Mailman is for managing electronic mail discussion and e-newsletter lists</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_mta.html'>
|
|
mta</a></td>
|
|
<td><p>Policy common to all email tranfer agents.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_mysql.html'>
|
|
mysql</a></td>
|
|
<td><p>Policy for MySQL</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_networkmanager.html'>
|
|
networkmanager</a></td>
|
|
<td><p>Manager for dynamically switching between networks.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_nis.html'>
|
|
nis</a></td>
|
|
<td><p>Policy for NIS (YP) servers and clients</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_nscd.html'>
|
|
nscd</a></td>
|
|
<td><p>Name service cache daemon</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_ntp.html'>
|
|
ntp</a></td>
|
|
<td><p>Network time protocol daemon</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_openct.html'>
|
|
openct</a></td>
|
|
<td><p>Service for handling smart card readers.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_pegasus.html'>
|
|
pegasus</a></td>
|
|
<td><p>The Open Group Pegasus CIM/WBEM Server.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_portmap.html'>
|
|
portmap</a></td>
|
|
<td><p>RPC port mapping service.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_postfix.html'>
|
|
postfix</a></td>
|
|
<td><p>Postfix email server</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_postgresql.html'>
|
|
postgresql</a></td>
|
|
<td><p>PostgreSQL relational database</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_ppp.html'>
|
|
ppp</a></td>
|
|
<td><p>Point to Point Protocol daemon creates links in ppp networks</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_privoxy.html'>
|
|
privoxy</a></td>
|
|
<td><p>Privacy enhancing web proxy.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_procmail.html'>
|
|
procmail</a></td>
|
|
<td><p>Procmail mail delivery agent</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_publicfile.html'>
|
|
publicfile</a></td>
|
|
<td><p>publicfile supplies files to the public through HTTP and FTP</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_radius.html'>
|
|
radius</a></td>
|
|
<td><p>RADIUS authentication and accounting server.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_radvd.html'>
|
|
radvd</a></td>
|
|
<td><p>IPv6 router advertisement daemon</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_rdisc.html'>
|
|
rdisc</a></td>
|
|
<td><p>Network router discovery daemon</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_remotelogin.html'>
|
|
remotelogin</a></td>
|
|
<td><p>Policy for rshd, rlogind, and telnetd.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_rlogin.html'>
|
|
rlogin</a></td>
|
|
<td><p>Remote login daemon</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_roundup.html'>
|
|
roundup</a></td>
|
|
<td><p>Roundup Issue Tracking System policy</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_rpc.html'>
|
|
rpc</a></td>
|
|
<td><p>Remote Procedure Call Daemon for managment of network based process communication</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_rshd.html'>
|
|
rshd</a></td>
|
|
<td><p>Remote shell service.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_rsync.html'>
|
|
rsync</a></td>
|
|
<td><p>Fast incremental file transfer for synchronization</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_samba.html'>
|
|
samba</a></td>
|
|
<td><p>
|
|
SMB and CIFS client/server programs for UNIX and
|
|
name Service Switch daemon for resolving names
|
|
from Windows NT servers.
|
|
</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_sasl.html'>
|
|
sasl</a></td>
|
|
<td><p>SASL authentication server</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_sendmail.html'>
|
|
sendmail</a></td>
|
|
<td><p>Policy for sendmail.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_slrnpull.html'>
|
|
slrnpull</a></td>
|
|
<td><p>Service for downloading news feeds the slrn newsreader.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_smartmon.html'>
|
|
smartmon</a></td>
|
|
<td><p>Smart disk monitoring daemon policy</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_snmp.html'>
|
|
snmp</a></td>
|
|
<td><p>Simple network management protocol services</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_spamassassin.html'>
|
|
spamassassin</a></td>
|
|
<td><p>Filter used for removing unsolicited email.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_squid.html'>
|
|
squid</a></td>
|
|
<td><p>Squid caching http proxy server</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_ssh.html'>
|
|
ssh</a></td>
|
|
<td><p>Secure shell client and server policy.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_stunnel.html'>
|
|
stunnel</a></td>
|
|
<td><p>SSL Tunneling Proxy</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_sysstat.html'>
|
|
sysstat</a></td>
|
|
<td><p>Policy for sysstat. Reports on various system states</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_tcpd.html'>
|
|
tcpd</a></td>
|
|
<td><p>Policy for TCP daemon.</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_telnet.html'>
|
|
telnet</a></td>
|
|
<td><p>Telnet daemon</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_tftp.html'>
|
|
tftp</a></td>
|
|
<td><p>Trivial file transfer protocol daemon</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_timidity.html'>
|
|
timidity</a></td>
|
|
<td><p>MIDI to WAV converter and player configured as a service</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_ucspitcp.html'>
|
|
ucspitcp</a></td>
|
|
<td><p>ucspitcp policy</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_uucp.html'>
|
|
uucp</a></td>
|
|
<td><p>Unix to Unix Copy</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_xfs.html'>
|
|
xfs</a></td>
|
|
<td><p>X Windows Font Server </p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_xserver.html'>
|
|
xserver</a></td>
|
|
<td><p>X Windows Server</p></td>
|
|
|
|
<tr><td>
|
|
<a href='services_zebra.html'>
|
|
zebra</a></td>
|
|
<td><p>Zebra border gateway protocol network routing service</p></td>
|
|
|
|
</td></tr>
|
|
|
|
|
|
</td></tr>
|
|
|
|
</table>
|
|
<p/><br/><br/>
|
|
|
|
</div>
|
|
</body>
|
|
</html>
|